2 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. • https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41 https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f https://github.com/electron-userland/electron-builder/pull/8295 https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq • CWE-154: Improper Neutralization of Variable Name Delimiters •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. • https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387 https://github.com/electron-userland/electron-builder/pull/8059 https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •